Method and apparatus for providing a high security mode in a network

ABSTRACT

Systems and methods for efficiently and securely forming a communication network. As a non-limiting example, various aspects of the present disclosure provide systems and methods, for example utilizing a plurality of different security modes, for forming a premises-based network (e.g., a MoCA network).

CROSS-REFERENCE TO RELATED APPLICATIONS/INCORPORATION BY REFERENCE

This patent application makes reference to, claims priority to, and claims benefit from U.S. patent application Ser. No. 14/839,532, filed on Aug. 28, 2015, which is a non-provisional of U.S. Provisional Patent Application Ser. No. 62/043,403, filed on Aug. 28, 2014, and titled “Method and Apparatus for Providing a High Security Mode in a MoCA 2.0 Network,” the entire contents of which are hereby incorporated herein by reference.

FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT

[Not Applicable]

SEQUENCE LISTING

[Not Applicable]

MICROFICHE/COPYRIGHT REFERENCE

[Not Applicable]

BACKGROUND

Various communication networks, such as for example legacy MoCA networks, lack a method and/or apparatus for efficiently adding a new node to the network while maintaining the security thereof. Limitations and disadvantages of conventional methods and systems for handling the addition of a new node to a network, for example a MoCA network, will become apparent to one of skill in the art, through comparison of such approaches with some aspects of the present methods and systems set forth in the remainder of this disclosure with reference to the drawings.

BRIEF DESCRIPTION OF SEVERAL VIEWS OF THE DRAWINGS

FIG. 1 is a simplified illustration of an example home comprising a MoCA network and nodes.

FIG. 2 is a logical block diagram of a network node, in accordance with various aspects of the present disclosure.

FIG. 3 is a simplified block diagram of example circuitry used to implement a network node, in accordance with various aspects of the present disclosure.

FIG. 4 is a flow diagram of an example method for operating a network node, for example a new network node, in accordance with various aspects of the present disclosure.

FIG. 5 is an illustration of a format of an example Discovery Request message, in accordance with various aspects of the present disclosure.

FIG. 6 is an illustration of a format of an example Discovery Response message, in accordance with various aspects of the present disclosure.

FIG. 7A is a flow diagram of an example method for operating a network node, for example a network coordinator node, in accordance with various aspects of the present disclosure.

FIG. 7B is a continuation of the flow diagram of FIG. 7A.

SUMMARY

Various aspects of this disclosure provide systems and methods for efficiently and securely forming a communication network. As a non-limiting example, various aspects of the present disclosure provide systems and methods, for example utilizing a plurality of different security modes, for forming a premises-based network (e.g., a MoCA network).

DETAILED DESCRIPTION OF VARIOUS ASPECTS OF THE DISCLOSURE

As utilized herein the terms “circuits” and “circuitry” refer to physical electronic components (i.e., hardware) and any software and/or firmware (“code”) that may configure the hardware, be executed by the hardware, and/or otherwise be associated with the hardware. As used herein, for example, a particular processor and memory (e.g., a volatile or non-volatile memory device, a general computer-readable medium, etc.) may comprise a first “circuit” when executing a first one or more lines of code and may comprise a second “circuit” when executing a second one or more lines of code.

As utilized herein, circuitry is “operable” to perform a function whenever the circuitry comprises the necessary hardware and code (if any is necessary) to perform the function, regardless of whether performance of the function is disabled, or not enabled (e.g., by a user-configurable setting, factory setting or trim, etc.).

As utilized herein, “and/or” means any one or more of the items in the list joined by “and/or”. As an example, “x and/or y” means any element of the three-element set {(x), (y), (x, y)}. That is, “x and/or y” means “one or both of x and y.” As another example, “x, y, and/or z” means any element of the seven-element set {(x), (y), (z), (x, y), (x, z), (y, z), (x, y, z)}. That is, “x, y, and/or z” means “one or more of x, y, and z.” As utilized herein, the terms “e.g.,” and “for example” set off lists of one or more non-limiting examples, instances, or illustrations.

The terminology used herein is for the purpose of describing particular examples only and is not intended to be limiting of the disclosure. As used herein, the singular forms are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises,” “includes,” “comprising,” “including,” “has,” “have,” “having,” and the like when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.

It will be understood that, although the terms first, second, etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another element. Thus, for example, a first element, a first component or a first section discussed below could be termed a second element, a second component or a second section without departing from the teachings of the present disclosure. Similarly, various spatial terms, such as “upper,” “lower,” “side,” and the like, may be used in distinguishing one element from another element in a relative manner. It should be understood, however, that components may be oriented in different manners, for example a semiconductor device may be turned sideways so that its “top” surface is facing horizontally and its “side” surface is facing vertically, without departing from the teachings of the present disclosure.

A premises (e.g., a home, office, campus, etc.) may comprise a communication network for the sharing of information between various devices within the premises. For example, entertainment content may be received through a wide area network (WAN) provided by an MSO (Multi-system Operator), such as a cable television operator or satellite content provider. Content provided to the premises may be distributed throughout the premises over a premises-based network (e.g., a home entertainment network, general premises-based communication network, etc.). The premises-based network may, for example, comprise a local area network (LAN) in any of a variety of configurations, such as a mesh network. An example protocol for establishing a premises-based network, for example a home entertainment LAN, is defined by the well-known MoCA (Multi-media over Coax Alliance) network protocol that is in use today.

FIG. 1 is a simplified illustration of an example home 100 comprising a MoCA network 106 and nodes 110, 112, 114, and 116. Though only four nodes are illustrated, it should be understood that the network 106 may comprise any number of nodes. The nodes of the network 106 are coupled to a coaxial cable medium 128. In the example network 106, the signals present on the coaxial cables of the network 106 are available to each of the nodes 110, 112, 114, and 116. Though much of the discussion herein presents examples of various aspects of the disclosure in the context of a MoCA network, it should be understood that the scope of this disclosure is not limited to a MoCA network nor by various characteristics of a MoCA network.

The example network 106, for example a MoCA network, may be formed by each node, upon connecting to the medium 128, searching for another node to determine whether a network already exists. A New Node (NN) 118 searches by attempting to detect the transmission of a Beacon message. A Beacon message may, for example, comprise an unencrypted transmission sent by a node 110 operating as Network Coordinator (NC) (or network controller). The NC 110 may, for example, be responsible for scheduling all of the activity on the network 106 over the coaxial medium 128. All activity on the network may, for example, be scheduled by the NC 110 transmitting a Media Access Plan (MAP) message. In one example implementation, there is always one, and only one, NC 110 on the network 106 at a time. In an example implementation, any node of the network 106 (e.g., a MoCA network) can assume responsibility for functioning as the NC. If there is no other network yet formed on the medium 128, the node 110 will take on the responsibility for functioning as the NC and admit other nodes to form a network.

As other nodes are installed, they will each detect the Beacons being transmitted by this node acting as the NC 110. When an NN 118 detects the Beacons, the NN 118 will go through an admission process whereby the NN 118 will gain admission to the network 106 established by the NC 110. At times, if the NC 110 ceases functioning correctly, hands off NC responsibility, or is removed from the network, responsibility for performing the functions of the NC will be taken up by another node (e.g., node 112) in the network 106.

In many instances, it is important to ensure that the network 106 remains secure. Content that is passed over the network 106 may be private and proprietary. For example, it may (e.g., at times, or always) be important to ensure that only authorized nodes are admitted to the network 106. In accordance with various legacy communication network protocols (e.g., MoCA 2.0, etc.), a security scheme is provided to ensure the security of the network. In one example implementation, a newly admitted node must generate security keys using an AESKeyGen (Advanced Encryption Standard key generation function). The generated security keys allow the node to communicate over the network 106. AES security (e.g., as utilized in MoCA 2.0, among other communication standards) is considered to be relatively strong. However, to maintain backward compatibility with earlier generation networks (or components thereof), a new generation network may allow earlier generation nodes to join the network, even if such nodes do not operate in accordance with the preferred security functions. For example, MoCA 2.0 allows MoCA 1.0 and MoCA 1.1 nodes to join using only DES (Data Encryption Standard), and DES is relatively insecure compared to AES. In such systems, a current generation network may be vulnerable to attack by earlier generation nodes operating in the current generation network. For example, a MoCA 2.0 network may become vulnerable to attack through the MoCA 1.0 and MoCA 1.1 nodes operating in accordance with DES.

Accordingly, various aspects of the present disclosure provide systems, methods, and/or protocols for current generation nodes to securely form a network, for example in the presence of earlier generation nodes.

The currently disclosed methods, apparatus, and/or protocols provide a HIGH SECURITY mode that may be used in the context of a communication network (e.g., a premises-based network, a MoCA network, etc.) to ensure that only authorized nodes can join the network and to reduce the vulnerability of the network (e.g., the network password, authentication method, encryption method, etc.) to attacks. In accordance with one example implementation, when HIGH SECURITY mode is enabled, a high security password of up to 64 printable ASCII characters is used to increase the security of the network. In addition, nodes that have HIGH SECURITY mode capability (or have such capability enabled) may, for example, only join networks that have HIGH SECURITY mode capability (or are presently operating in accordance with such mode). Furthermore, networks that have HIGH SECURITY mode capability (or are presently operating in accordance with such mode) might, for example, only allow nodes that have HIGH SECURITY mode capability to join.

In accordance with various aspects of the present disclosure, a new HIGH_SECURITY field is provided in a network Discovery Request message (e.g., a Discovery Request Network Information Element (IE) of a Discovery Request message, etc.) to indicate whether a node is operating in HIGH SECURITY mode. In an example implementation, a previously reserved (or non-utilized) field of the Discovery Request message (or information element) may be utilized. In such manner, the field may already comprise a known default value utilized by legacy nodes that are not aware of the utilization of such field by newer generation nodes. For example, the value of the previously reserved field may typically be set to zero for legacy nodes that do not have HIGH SECURITY mode capability. During an admission procedure, a New Node (NN) that is seeking admission to a network may indicate whether the NN has HIGH SECURITY mode enabled by setting the value of the HIGH_SECURITY field to a predetermined value.

In accordance with various aspects of the present disclosure, a new HIGH_SECURITY field may also be provided in a network Discovery Response message (e.g., a Permanent Salt Network IE of a Discovery Response message, etc.) to indicate whether the HIGH SECURITY mode is enabled in the network. In an example implementation, such field may reflect whether the value of a new control parameter HIGH_SECURITY_(EN) maintained by the Network Coordinator (NC) indicates that the HIGH SECURITY mode is enabled. In such example implementation, the NC may transmit the Permanent Salt Network IE (e.g., as part of a Discovery Response message or other message) to an NN seeking admission to indicate whether the network has HIGH SECURITY mode capability and/or is operating in the HIGH SECURITY mode.

In accordance with various aspects of the present disclosure, a code is provided that indicates whether there is a mismatch in security mode. In an example MoCA network implementation, a new code may be added to the CODE field of the Pre-Admission Response Network IE. The new code may, for example, indicate that no admission request Admission Control Frame (ACF) has been scheduled due to a mismatch in the security mode (e.g., the HIGH_SECURITY field of the Discovery Request Network IE has a different value than the HIGH_SECURITY field of the Permanent Salt Network IE (or the HIGH_SECURITY_(EN))).

FIG. 2 is a logical block diagram of a network node 200 in accordance with various aspects of the present disclosure. The network node 200 may, for example, be operable to perform any or all of the node functionality discussed herein (e.g., for a new node 118, network coordinator node 110, existing nodes 112, 114, and 116, any or all of the nodes discussed herein, etc.). In general, each node discussed herein may be functioning in a manner that is appropriate to the role such node is currently performing. For example, in the scenario illustrated in FIG. 1 and discussed herein, the NC node 110 performs the role of the network NC, the node 118 plays the role of an NN that has not yet been admitted to the network 106, the Existing Nodes (EN) 112, 114, and 116 play the role of a node that has been admitted to the network 106, for example by the NC 110, etc. Various functions of the network nodes are disclosed herein in order to understand how each node functions in its role in accordance with various aspects of the present disclosure.

The example node 200 uses the seven layer Open System Interconnection (OSI) model and/or any generally analogous layered communication model. For example, the node 200 may comprise circuitry that operates to implement a physical layer 202 which is responsible for controlling the physical interface to the medium (e.g., cable medium, phone line medium, other wired medium, wireless medium, tethered and/or untethered optical medium, etc.), including transmitting and/or receiving signals over the medium.

The node 200 may comprise circuitry that operates to implement a Data Link Layer (DLL) 204, for example comprising several sub-layers (e.g., an Ethernet Convergence Layer (ECL) 206, Link Layer Control (LLC) 208, Media Access Control (MAC) 210, etc.). The DLL 204 may, for example, be responsible for controlling the higher layer operation above the physical layer 202 and determining the timing and management of messages to be transmitted and received. Accordingly, the DLL 204 may work with the physical layer 202 to perform any or all of the functions discussed herein (e.g., with regard to FIGS. 1-7). In one example implementation, the DLL 204 is implemented by the execution of software running on at least one processor. The DLL 204 and/or any of the layers shown in FIG. 2 may be implemented by any of a variety of types of processing circuitry (e.g., application-specific integrated circuitry, programmable array logic circuitry, discrete logic circuitry, general-purpose processor circuitry, specific-purpose processing circuitry, etc.).

In accordance with various aspects of the present disclosure, a Management Entity (ME) 214 may, for example, comprise a high layer logical device associated with the node 200. The ME 214 may, for example, provide high level control of the node 200, provide content to the node 200 for transmission over the network, receive content from the node 200 received from the network, etc. The ME 214 or portions thereof may, for example, be collocated with the node 200 and/or may be implemented at a location that is geographically remote from the node 200. Similarly, the Upper Layers 212 may be collocated with the node 200 and/or may be implemented at a location that is geographically remote from the node 200.

In accordance with various aspects of the present disclosure, several control parameters may be utilized to pass information between the node 200 and the management entity 214. In accordance with one example implementation, three example control parameters are disclosed herein for use in a network (e.g., a MoCA network, etc.), in addition to several other existing control parameters. These three example control parameters are shown in Table 1 below.

TABLE 1. Control Parameters

Parameter Name | Description | Allowed Values
HIGH_SECURITY_(EN) | Controls whether the Node operates in HIGH SECURITY mode or not when privacy is enabled. | ENABLED, DISABLED
SEC_MODE_MISMATCH_(DETECT) | When the Node is the NC, reports that a Node with a different security mode tried to join the network. When the Node is an NN, reports that it detected a network that is in a different security mode. | Active, Inactive
PSWD | Value of the Password used by the Node | When HIGH_SECURITY_(EN) = DISABLED: A password of between 12 and 17 decimal digits; When HIGH_SECURITY_(EN) = ENABLED: Any string of up to 64 Printable ASCII Characters

These control parameters, for example, allow and/or support information to be passed between a management entity 214 that is responsible for high level control of a network node 200 and the node 200 itself. The first example control parameter, HIGH_SECURITY_(EN), may for example be used to provide a mechanism to allow the management entity 214 to control whether the node 200 operates (or must operate) in HIGH SECURITY mode.

The second example control parameter, SEC_MODE_MISMATCH_(DETECT), indicates whether the node 200 has detected a mismatch in the security capability (and/or enablement) of the node 200 and other nodes with which the node 200 might network. For example, if the node 200 is a new node (NN), then SEC_MODE_MISMATCH_(DETECT) may indicate whether there is a mismatch between the security capability (or present security mode) of the NN 200 and the Network Coordinator (NC) of a network that the NN 200 is attempting to join. The example control parameter SEC_MODE_MISMATCH_(DETECT) may, for example, be reported to (or read by) the management entity 214 by the node 200. If the node 200 is an NC, then the example control parameter SEC_MODE_MISMATCH_(DETECT) may indicate whether there is a mismatch between the security capability (or present security mode) of the NC 200 and an NN that is attempting to join the network. Illustrative examples of the operation of an NN in HIGH SECURITY mode and the operation of an NC in HIGH SECURITY mode are provided herein.

The third example control parameter, PSWD, may for example provide a way for the management entity 214 to control the value of the current active password of the node 200.
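The PSWD rules of Table 1 depend on the HIGH_SECURITY_(EN) setting, so a management entity should validate a password against the mode the node is in before writing it. The following is an added example, not code from the patent or from any MoCA implementation; the parameter names follow Table 1, and the minimum length of one character in HIGH SECURITY mode is an assumption, since the table only states the upper bound of 64.

```python
# Added example: validating a PSWD value against the Table 1 rules for each
# HIGH_SECURITY_(EN) setting. Not from the patent; the one-character minimum
# for HIGH SECURITY mode is an assumption (Table 1 gives only "up to 64").

ENABLED = "ENABLED"
DISABLED = "DISABLED"


def is_printable_ascii(s: str) -> bool:
    """True if every character is in the printable ASCII range 0x20..0x7E."""
    return all(0x20 <= ord(c) <= 0x7E for c in s)


def validate_pswd(pswd: str, high_security_en: str) -> bool:
    """Return True if `pswd` is an allowed PSWD value for the given mode.

    HIGH_SECURITY_(EN) = DISABLED: 12 to 17 decimal digits (legacy rule).
    HIGH_SECURITY_(EN) = ENABLED:  up to 64 printable ASCII characters.
    """
    if high_security_en == DISABLED:
        return 12 <= len(pswd) <= 17 and all(c in "0123456789" for c in pswd)
    if high_security_en == ENABLED:
        # Assumption: an empty password is rejected even though Table 1
        # only states the upper bound.
        return 1 <= len(pswd) <= 64 and is_printable_ascii(pswd)
    raise ValueError(f"unknown HIGH_SECURITY_(EN) value: {high_security_en!r}")


def set_pswd(node: dict, pswd: str) -> bool:
    """Management-entity write of PSWD into a node's control parameters.

    `node` is a plain dict standing in for the node's parameter store (an
    assumption of this example). Only a value that is valid for the node's
    current HIGH_SECURITY_(EN) setting is stored; the result is reported so
    the management entity can tell that the write was refused.
    """
    if not validate_pswd(pswd, node["HIGH_SECURITY_EN"]):
        return False
    node["PSWD"] = pswd
    return True


if __name__ == "__main__":
    # A legacy-style digit password is refused once HIGH SECURITY is enabled
    # only if it breaks the printable-ASCII/length rule; digits are printable,
    # so it is still accepted there, while a long passphrase is not accepted
    # in the DISABLED (digits-only) mode.
    legacy = {"HIGH_SECURITY_EN": DISABLED}
    high = {"HIGH_SECURITY_EN": ENABLED}
    print(set_pswd(legacy, "correct horse battery staple"))  # False
    print(set_pswd(high, "correct horse battery staple"))    # True
```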

FIG. 3 is a simplified block diagram of example circuitry used to implement a network node 300, in accordance with various aspects of the present disclosure. The network node 300 may, for example, be operable to perform any or all of the node functionality discussed herein (e.g., with regard to FIGS. 1-7). The network node 300 may, for example, share any or all characteristics with any of the nodes discussed herein (e.g., the node 200 of FIG. 2, the nodes 110, 112, 114, 116, and 118 of FIG. 1, etc.).

The node 300 comprises at least one processor 301, a memory 302, and a PHY 304. The memory 302 is coupled to the processor 301. The PHY 304 includes an RF front end 306. The PHY 304 may also include a dedicated processor (not shown) that performs functions associated with the PHY 304. Alternatively, some control functions of the PHY 304 may be performed by the processor 301. In the transmit path, the PHY 304 and/or RF Front End 306 may receive information from the processor 301. The information is modulated on signals generated by the RF front end 306. The RF front end 306 transmits such signals over a medium 128 (e.g., over coaxial cabling used to connect nodes of a MoCA network, etc.). In the receive path, the PHY 304 and/or RF front end 306 receive signals from the medium 128, demodulate the signals to retrieve the information communicated by such signals, and pass the received information to the processor 301 for processing. It should be understood that, while the example node 300 shown in FIG. 3 (and other nodes discussed herein) is described with respect to a node connected to a network via coaxial cable, the node 300 may be connected to the network over any medium.

The processor 301 within the node 300 performs several tasks. The example node 300 is shown and described as having a single processor 301 that performs all of the disclosed tasks and functions of the node 300. Nonetheless, it should be understood that the disclosed tasks and functions of the node 300 may be performed by any combination of hardware, firmware, and software. Furthermore, any software or firmware may be executed by one or a combination of several independent or coordinated processors. For example, in various example implementations, it may be more efficient to use processors dedicated to performing a particular task or group of tasks. Also for example, the processor 301 (or processors) may comprise any of a variety of processing circuits (e.g., general purpose processors, specific-purpose processors, microcontrollers, application-specific integrated circuits, programmable state machine devices, analog and/or digital circuitry, etc.). In an alternative implementation, the node 300 may have several processors that work together or independently. The processor 301 may, for example, read computer readable program code from the memory 302 and execute the code to perform the functions of the DLL 204, the upper layers 212 and/or the ME 214 (see FIG. 2). In one example implementation, the ME 214 is not co-located with the DLL 204. In such an example implementation, the ME 214 may be implemented using a different processor or processors. Likewise, in one example implementation, the upper layers 212 are not co-located with the DLL 204. In such an example implementation, the upper layers 212 may be implemented using a different processor or processors. It should be understood that the particular physical layout of the logical components may vary substantially, so long as the disclosed functionality may be performed. In an alternative implementation, the functions of the DLL 204 and/or other functions disclosed herein may be performed by dedicated hardware, firmware or a combination of hardware, firmware and software executed by a special or general purpose processor.

FIG. 4 is a flow diagram of an example method 400 for operating a network node, for example a new network node, in accordance with various aspects of the present disclosure. The example method 400 may, for example, be performed by any or all network nodes presented herein (e.g., the node 300 of FIG. 3, the node 200 of FIG. 2, the nodes 110, 112, 114, 116, and 118 of FIG. 1, etc.). For example, the example method 400 may be followed by a new node (NN) looking to gain admission to (or attach to) a communication network. The discussion herein will proceed referring to the operation of new node 118, shown in FIG. 1 (e.g., which may also be shown as the nodes 200 and 300 shown in FIGS. 2 and 3). The NN 118 may, for example, be operating in a HIGH SECURITY mode, in accordance with various aspects of the present disclosure. It should be understood, however, that the scope of the various aspects of the present disclosure is not limited to operation of a new node.

The example method 400 begins executing at block 401 in response to a power-on condition of the new node 118. It should be understood, however, that the example method 400 may begin executing in response to any of a variety of causes or conditions. For example, the example method 400 may begin executing in response to a hard reset of the new node 118, in response to a user request or command received at the new node 118, in response to a request or command from another node (e.g., a network coordinator node or other node), in response to execution of a related flow diagram, etc.

At block 402, the new node 118 searches for a Beacon message. For example, the new node 118 may search the signals that are being transmitted over the coaxial cable 128 to which the new node 118 is connected to identify a Beacon message (or Beacon). As explained herein, the coaxial cable might comprise only signals associated with a single network, but may also comprise signals associated with a plurality of networks (e.g., a plurality of home-based cable networks).

At flow control block 403, if a Beacon is not detected, then execution flow of the example method 400 may return to block 402 for continued searching. If, however, a Beacon is detected, then execution flow of the example method 400 may proceed to block 405. Beacons may, for example, be generated by one or more network coordinators.

At block 405, for example after the new node 118 detects a Beacon, the new node 118 may determine from information carried by the Beacon when the next Admission Control Frame (ACF) slot will occur and/or when the next ACF slot that is designated for communication of a Discovery Request message will occur. The ACF slot may, for example, be designated for the communication of any of a variety of types of admission control messages. Also for example, the ACF slot may be designated specifically for transmission of a Discovery Request message.

For example, if there is a network 106 that is currently operating on the medium to which the new node 118 is connected, the NC 110 of that network may send out periodic Beacons. These Beacons may, for example, indicate times when a new node can send messages related to admission to the network. Such requests may, for example, include requests for the NC 110 to provide information regarding the network, to schedule an admission request time slot, etc. In accordance with one example implementation, when the control parameter HIGH_SECURITY_(EN) is set to DISABLED within an NC 110, the NC 110 will alternately transmit a Beacon that schedules a MoCA 1.X (e.g., MoCA 1.0, MoCA 1.1, etc.) Admission Request time slot and a Beacon that schedules a MoCA 2.X (e.g., MoCA 2.0, etc.) Discovery Request time slot. In one example implementation, when operating in HIGH SECURITY mode, the NC 110 will only transmit Beacons that schedule ACF slots for MoCA 2.0 Discovery Request messages. In such example implementation, the NC 110 will not schedule any opportunities for a MoCA 1.X node to request admission to a network when operating in MoCA 2.0 HIGH SECURITY mode.

At block 407, the new node 118 may (e.g., at the next opportunity to send a Discovery Request message) transmit a Discovery Request message. In accordance with various aspects of this disclosure, the Discovery Request message may for example carry a Discovery Request Network IE (Information Element). A non-limiting example of the Discovery Request message is shown in FIG. 5.

FIG. 5 is an illustration of a format of an example Discovery Request message, in accordance with various aspects of the present disclosure. Table 2 also illustrates an example format for a Discovery Request and/or a Discovery Response message.

TABLE 2. Discovery Request and Discovery Response Message Formats

Field | Length | Usage

MPDU Header 502:
TRANSMIT_CLOCK | 32 bits | This value is the scheduled time derived from the corresponding Allocation Unit in the MAP.
PACKET_SUBTYPE | 4 bits | 0x0 - Pre-admission discovery request; 0x1 - Pre-admission discovery response
PACKET_TYPE | 4 bits | 0x9 - Link control II
VERSION | 8 bits | 0x10
RESERVED | 8 bits | This field is reserved for future use.
SOURCE_NODE_ID | 8 bits | The NC node ID when sent by the NC. 0x00 otherwise
RESERVED | 8 bits | This field is reserved for future use.
DESTINATION_NODE_ID | 8 bits | 0x3F - Broadcast
PACKET_LENGTH | 16 bits | The length of the packet
MPDU_CONTROL_INFORMATION | 32 bits | Various information bits related to the Ethernet unicast/broadcast packet types
HEADER_FCS | 16 bits | Header for the Frame Check Sequence

Frame Payload 504:
RESERVED | 32 bits | Type III
Payload | Variable | List of Network IEs

Payload FCS 506:
PAYLOAD_FCS | 32 bits | Frame Check Sequence

The example Discovery Request message 500 comprises a header 502, frame payload 504, and payload FCS (Frame Check Sequence) 506. The header 502 may, for example, comprise several fields, non-limiting examples of which are provided herein. One of the fields may, for example, comprise a PACKET_TYPE field 505. The PACKET_TYPE field 505 may, for example, be set to a value to indicate that the communication is a Link Control II message. Another of the fields in the header 502 may, for example, comprise a PACKET_SUBTYPE field 507. The value of the PACKET_SUBTYPE field 507 may, for example, be set to a value to indicate that the Discovery Request message 500 is a Pre-Admission Discovery Request message. The frame payload 504 may, for example, comprise a PAYLOAD field 512. The PAYLOAD field 512 may, for example, be loaded with a Discovery Request Network IE 508. Table 3 shows an example format of the Discovery Request Network IE 508.

TABLE 3. Discovery Request Network IE

Field | Length | Value

Network IE Header - 514:
TYPE | 8 bits | 0x00 - Discovery Request Network IE
LENGTH | 8 bits | 0x00

Network IE Payload - 517:
RESERVED | 11 bits | Type III
HIGH_SECURITY | 1 bit | When PRIVACY_(EN) = ENABLED: reflects the value of HIGH_SECURITY_(EN): 0b0 - Disabled, 0b1 - Enabled. When PRIVACY_(EN) = DISABLED: set to 0b0
DISCOVERY_OPTIONS | 4 bits | 0x0 - Discover all MoCA Network attributes defined in Standard; 0x1 - Discover all MoCA Network attributes defined in Standard, and request a MoCA 2.0 Admission Request time slot; 0x2 - Skip Discovery Response and request a MoCA 2.0 Admission Request time slot directly. Other values reserved

The Discovery Request Network IE 508, in turn, may comprise a Network IE Header 514 and a Network IE Payload 517. The Network IE Header 514 may, for example, comprise a TYPE field 515 and a LENGTH field 516. The TYPE field 515 may, for example, be set to a value to indicate that the payload 504 of the Discovery Request message 500 is a Discovery Request Network IE. The LENGTH field 516 may, for example, indicate the length of the Discovery Request Network IE 508.

In accordance with one example implementation, the Network IE Payload 517 may comprise three example fields. The first example field may, for example, be reserved for future use (shown in Table 3, but not shown in FIG. 5). The second example field is a HIGH_SECURITY field 518. The third example field is a DISCOVERY_OPTIONS field 520.

In accordance with an example scenario, the value of the HIGH_SECURITY field 518 is set to 0b0 (binary value of zero) to indicate that either “Privacy” is disabled (e.g., as indicated by the value held in a control parameter PRIVACY_(EN)) or HIGH SECURITY mode is disabled (e.g., as indicated by the control parameter HIGH_SECURITY_(EN) within the NN 118 being set to “DISABLED”).

Alternatively, if Privacy is enabled (e.g., as indicated by the value held in the control parameter PRIVACY_(EN)) and HIGH SECURITY mode is enabled (e.g., as indicated by the control parameter HIGH_SECURITY_(EN) within the NN 118 being set to “ENABLED”), then the value of the HIGH_SECURITY field 518 may be set to 0b1 (binary value of 1).

In an example scenario, if the NN 118 will require a relatively long time to generate the security keys needed to gain admission, then the NN 118 will set the DISCOVERY_OPTIONS field 520 to 0x0 (hexadecimal value of zero) and set the HIGH_SECURITY field 518 to 0b1. The NN 118 will then transmit the Discovery Request message. When the security keys are ready, the NN 118 will transmit another Discovery Request message with the DISCOVERY_OPTIONS field 520 set to 0x1 or 0x2 and the HIGH_SECURITY field 518 set to 0b1.

After the NN 118 transmits the Discovery Request message(s) at block 407, the NN 118 waits for a Discovery Response message. For example, execution flow of the example method 400 loops between flow control blocks 409 and 411 until either a Discovery Response message is received, at which point execution flow of the example method 400 proceeds to block 413, or a timer expires, at which point execution flow of the example method 400 returns to block 407.

In an example implementation, after sending the Discovery Request message at block 407, the NN 118 will listen for a Beacon that indicates when the NC 110 will send a responsive Discovery Response message (e.g., in an admission control frame (ACF) transmission). The NN 118 may, for example, monitor the network 106 until either detecting (or receiving) a Discovery Response message (at block 409) or timing out (at block 411). The NN 118 will then analyze the received Discovery Response message at block 413.

The Discovery Response message may, for example, be formatted in accordance with Table 2 shown herein. FIG. 6 also illustrates the format of an example Discovery Response message 600. The format of the Discovery Response message 600 may, for example, be generally the same as the Discovery Request message 500.

In an example implementation, if privacy is enabled, the NC 110 will transmit a Discovery Response message 600 in which the frame payload 604 includes a Permanent Salt Network IE 608 in the PAYLOAD field 617 instead of the Discovery Request Network IE 508 provided in the example Discovery Request message 500 discussed herein. However, if privacy is not enabled in the NC 110, then the NC 110 will send a Discovery Response message that does not include a Permanent Salt Network IE 608. Table 4 shows the format of an example Permanent Salt Network IE 608.

TABLE 4 Permanent Salt Network IE Format

Field | Length | Value
Network IE Header - 613
  TYPE | 8 bits | 0x02 - Permanent Salt Network IE
  LENGTH | 8 bits | 0x03
Permanent Salt Network IE Payload - 617
  RESERVED | 15 bits | Type III
  HIGH_SECURITY | 1 bit | Reflects the value of the NC's HIGH_SECURITY_(EN): 0b0 - Disabled, 0b1 - Enabled
  PERMANENT_SALT | 96 bits | Randomly generated

The example Permanent Salt Network IE 608 comprises a Network IE Header 613 that includes a TYPE field 615 and a LENGTH field 616. In addition, the Permanent Salt Network IE 608 comprises a Permanent Salt Network IE Payload 617 comprising three fields. The first example field may, for example, be reserved for future use (shown in Table 4, but not shown in FIG. 6). The second example field is a HIGH_SECURITY field 618. The third example field is a PERMANENT_SALT field 620. The contents of the PERMANENT_SALT field 620 are used to create security keys.

Upon detecting a Discovery Response message at block 409, execution flow of the example method 400 proceeds to block 413. At block 413, the NN 118 determines whether the received Discovery Response includes a Permanent Salt Network IE 608. If the Discovery Response includes a Permanent Salt Network IE 608, the NN 118 determines whether the HIGH_SECURITY field 618 thereof is set to a value that does not match the value that was sent in the HIGH_SECURITY field 518 of the Discovery Request Network IE 508 sent by the NN 118 at block 407. If there is a security mismatch in the respective HIGH_SECURITY fields 518 and 618, then execution flow of the example method 400 will proceed to block 417, at which the NN 118 will set the value of the control parameter SEC_MODE_MISMATCH_(DETECT) to indicate the security mismatch condition (e.g., in accordance with Table 1 herein). Note that setting the control parameter SEC_MODE_MISMATCH_(DETECT) may, for example, cause an event message (e.g., a SEC_MODE_MISMATCH_(DETECT) event) to be communicated to the NN's Management Entity to notify the Management Entity of the detected mismatch. Also for example, such an event message may be communicated to the ME without setting a local control parameter.

Also, if at block 413 it is determined that the received Discovery Response message 600 does not include a Permanent Salt Network IE 608, and the NN 118 sent a Discovery Request message at block 407 in which the HIGH_SECURITY field 518 was set to 0b1 (e.g., a security mismatch exists), then execution flow of the example method 400 will proceed to block 417, at which the NN 118 will set the value of the control parameter SEC_MODE_MISMATCH_(DETECT) to indicate the security mismatch condition (e.g., in accordance with Table 1 herein).
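As an added example that is not part of the patent or of any MoCA implementation, the following Python encodes and parses the two Network IEs of Tables 3 and 4 and applies the NN-side decision of block 413, including the case where the Discovery Response carries no Permanent Salt Network IE at all. The packing of fields inside each 16-bit payload word is an assumption: the tables give field order and widths but not a bit-numbering convention.

```python
"""Added example, not code from the patent or from any MoCA implementation.
Encodes and parses the Discovery Request Network IE (Table 3) and the
Permanent Salt Network IE (Table 4) and applies the security-mode mismatch
check of block 413 as run by the new node (NN).
Assumption: inside each 16-bit payload word the fields are packed in table
order, most significant first (RESERVED, HIGH_SECURITY, then for the request
IE DISCOVERY_OPTIONS in the low 4 bits); the tables give widths and order
but not a bit-numbering convention."""
import struct

TYPE_DISCOVERY_REQUEST = 0x00   # Table 3 TYPE value
TYPE_PERMANENT_SALT = 0x02      # Table 4 TYPE value
LEN_DISCOVERY_REQUEST = 0x00    # LENGTH values carried exactly as the tables state them
LEN_PERMANENT_SALT = 0x03
VALID_DISCOVERY_OPTIONS = (0x0, 0x1, 0x2)   # Table 3: other values reserved


def encode_discovery_request_ie(high_security: bool, discovery_options: int) -> bytes:
    if discovery_options not in VALID_DISCOVERY_OPTIONS:
        raise ValueError("DISCOVERY_OPTIONS values other than 0x0-0x2 are reserved")
    word = (int(high_security) << 4) | discovery_options   # 11 RESERVED bits stay 0
    return struct.pack(">BBH", TYPE_DISCOVERY_REQUEST, LEN_DISCOVERY_REQUEST, word)


def parse_discovery_request_ie(ie: bytes) -> dict:
    ie_type, _length, word = struct.unpack(">BBH", ie[:4])
    if ie_type != TYPE_DISCOVERY_REQUEST:
        raise ValueError("not a Discovery Request Network IE")
    return {"high_security": bool((word >> 4) & 0x1), "discovery_options": word & 0xF}


def encode_permanent_salt_ie(high_security: bool, salt: bytes) -> bytes:
    if len(salt) != 12:                        # PERMANENT_SALT is 96 bits
        raise ValueError("PERMANENT_SALT must be 96 bits")
    word = int(high_security)                  # 15 RESERVED bits, then HIGH_SECURITY
    return struct.pack(">BBH", TYPE_PERMANENT_SALT, LEN_PERMANENT_SALT, word) + salt


def parse_permanent_salt_ie(ie: bytes) -> dict:
    if len(ie) < 16 or ie[0] != TYPE_PERMANENT_SALT:
        raise ValueError("not a complete Permanent Salt Network IE")
    _type, _length, word = struct.unpack(">BBH", ie[:4])
    return {"high_security": bool(word & 0x1), "permanent_salt": ie[4:16]}


def nn_check_discovery_response(sent_high_security: bool, response_ies: list) -> str:
    """Block 413 as run by the NN: returns 'block 415' (admission continues)
    or 'block 417' (SEC_MODE_MISMATCH_DETECT is set and the ME is notified)."""
    salt_ie = next((ie for ie in response_ies if ie[0] == TYPE_PERMANENT_SALT), None)
    if salt_ie is None:
        # No Permanent Salt IE means privacy is off at the NC; that is a
        # mismatch only if the NN advertised HIGH_SECURITY = 0b1.
        return "block 417" if sent_high_security else "block 415"
    nc_high_security = parse_permanent_salt_ie(salt_ie)["high_security"]
    return "block 417" if nc_high_security != sent_high_security else "block 415"


if __name__ == "__main__":
    # Constructed sample: NN in HIGH SECURITY mode whose keys are not ready yet
    req = encode_discovery_request_ie(True, 0x0)
    print(req.hex(), parse_discovery_request_ie(req))
    # Constructed, fixed salt for the demo; a real NC generates it randomly
    resp = encode_permanent_salt_ie(False, bytes(range(12)))
    print(nn_check_discovery_response(True, [resp]))   # block 417: NC not in HIGH SECURITY
```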

If at block 413, it is determined that there is no security mismatch, then execution flow of the example method 400 will proceed to block 415, at which the admission procedure for the NN 118 continues (e.g., using the HIGH SECURITY network password, for example as shown in Table 1).

Many networks (e.g., MoCA 2.0 networks, etc.) use passwords to ensure privacy. The password may, for example, be provided in any of a variety of manners, non-limiting examples of which are provided herein. For example, the password may be provided by an installation technician, the password may be programmed into the node prior to being delivered to the site of installation, etc.

In various networks (e.g., a MoCA 2.0 network, etc.), all of the nodes may share the same Network Password, for example when Network Privacy is enabled. Each node that wishes to join a network must have the correct password.

In an example implementation, when operating in the HIGH SECURITY mode, the cryptographic algorithm used to provide privacy in the network may comprise AES-128, with a key length of 128 bits. The AES keys for node admission and link privacy may, for example, be derived from the Network Password. For example, all network nodes, including the NC 110, may derive static AES keys AMMK and APMKInitial from the Network Password and a Permanent Salt.

In an example implementation, when the control parameter HIGH_SECURITY_(EN) is set to a value indicating that HIGH SECURITY mode is disabled, the Network Password length may be 12 to 17 decimal digits. When, however, the control parameter HIGH_SECURITY_(EN) is set to a value indicating that HIGH SECURITY mode is enabled, a longer password of up to 64 printable ASCII characters may be used for the Network Password. In such an implementation, only nodes (e.g., MoCA nodes in a MoCA network) that have HIGH SECURITY mode capability will be able to support the longer password(s).

In addition, in accordance with various aspects of the present disclosure, the manner in which the keys are generated when the node is not operating in HIGH SECURITY mode (e.g., when the control parameter HIGH_SECURITY_(EN) is set to DISABLED) may be different from the manner in which the keys are generated when the node is operating in HIGH SECURITY mode (e.g., when the control parameter HIGH_SECURITY_(EN) is set to ENABLED). In one example implementation, an HMAC-SHA-256 function may be used to generate the keys. The key generation function may, for example, utilize a lower iteration count when the HIGH SECURITY mode is disabled than when the HIGH SECURITY mode is enabled. Thus, even if an NN 118 has the correct password, it will not generate the keys in the same manner as the network NC 110 if they are not operating in the same security mode (e.g., if either the NC 110 or the NN 118 is in HIGH SECURITY mode and the other is not). Therefore, when there is a mismatch in the security mode, the keys of the NN 118 will not match the keys used by the network 106 and the NN 118 will not be able to gain admission to the network 106.
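The following added Python example (not the patent's or a MoCA implementation's code) shows the consequence just described, namely that two nodes holding the same Network Password and PERMANENT_SALT still derive different AES-128 keys when their security modes differ. PBKDF2-HMAC-SHA256 stands in for the iterated HMAC-SHA-256 key generation, and the two iteration counts and the 16-byte AMMK output are assumptions; the password-length rules are the ones stated in the text.

```python
"""Added example, not the patent's or any MoCA implementation's key code.
Both sides derive keys from the same Network Password and PERMANENT_SALT with
an HMAC-SHA-256 based function, but the iteration count depends on the
security mode, so a node in the wrong mode derives different AES-128 keys
even with the correct password.
Assumptions: PBKDF2-HMAC-SHA256 as the iterated function, the two iteration
counts, and the 16-byte AMMK output are illustrative, not taken from the page."""
import hashlib

ITERATIONS = {"DISABLED": 1_000, "ENABLED": 100_000}   # assumed counts; enabled > disabled
AES128_KEY_LEN = 16


def validate_network_password(password: str, high_security_en: str) -> None:
    """Length rules from the text: 12 to 17 decimal digits with HIGH SECURITY
    mode disabled; up to 64 printable ASCII characters with it enabled."""
    if high_security_en == "ENABLED":
        ok = len(password) <= 64 and all(32 <= ord(c) <= 126 for c in password)
        if not ok:
            raise ValueError("HIGH SECURITY password: up to 64 printable ASCII characters")
    elif not (12 <= len(password) <= 17 and password.isascii() and password.isdigit()):
        raise ValueError("normal-mode password: 12 to 17 decimal digits")


def derive_ammk(password: str, permanent_salt: bytes, high_security_en: str) -> bytes:
    """Static admission key (AMMK in the text) for the given security mode."""
    validate_network_password(password, high_security_en)
    return hashlib.pbkdf2_hmac("sha256", password.encode("ascii"), permanent_salt,
                               ITERATIONS[high_security_en], dklen=AES128_KEY_LEN)


def keys_match(nn_mode: str, nc_mode: str, password: str, salt: bytes) -> bool:
    """True only when the NN and the NC end up with identical keys."""
    return derive_ammk(password, salt, nn_mode) == derive_ammk(password, salt, nc_mode)


if __name__ == "__main__":
    salt = bytes.fromhex("00112233445566778899aabb")    # constructed 96-bit salt
    pw = "123456789012"                                   # constructed 12-digit password
    print(keys_match("ENABLED", "ENABLED", pw, salt))     # True
    print(keys_match("ENABLED", "DISABLED", pw, salt))    # False: security mode mismatch
```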

FIG. 7 is a flow diagram of an example method 700 for operating a network node, for example a network coordinator node, in accordance with various aspects of the present disclosure. FIG. 7 is split into FIG. 7A and FIG. 7B. The example method 700 may, for example, be performed by any or all network nodes presented herein. For example, the example method 700 may be performed by a network coordinator (NC) node (or network controller) managing admission to a communication network. The discussion herein will proceed referring to the operation of NC node 110, shown in FIG. 1 (e.g., which may also be shown as the nodes 200 and 300 shown in FIGS. 3 and 4). The NC 110 may, for example, be operating in a HIGH SECURITY mode, in accordance with various aspects of the present disclosure. It should be understood, however, that the scope of the various aspects of the present disclosure is not limited to operation of a network coordinator node. Note, however, that in an example MoCA network, any node may generally perform the functionality of a network coordinator.

The example method 700 begins executing at block 701. The example method 700 may begin executing in response to any of a variety of causes or conditions. For example, the example method 700 may begin executing in response to receiving operation flow from another method or any block of the example method 700. Also for example, the example method 700 may begin execution in response to a hard reset of the NC 110, in response to a user request or command received at the NC 110, in response to a request or command from another node, in response to a command by a management entity 224, etc.

At flow control block 702, it is determined whether the NC 110 is operating in HIGH SECURITY mode. If the NC 110 is not operating in HIGH SECURITY mode (e.g., the control parameter HIGH_SECURITY_(EN) of the NC 110 is set to DISABLED), then block 702 will direct execution flow of the example method 700 to block 703. If, however, the NC 110 is operating in HIGH SECURITY mode (e.g., the control parameter HIGH_SECURITY_(EN) of the NC is set to ENABLED), then block 702 will direct execution flow of the example method 700 to block 715.

At block 703, the NC 110 will transmit Beacons. The Beacons will alternate between scheduling timeslots for admission control messages for earlier generation nodes and current generation nodes. In an example MoCA implementation, the NC 110 will alternate between transmitting Beacons that schedule an ACF slot for MoCA 1.0 Admission Requests to be sent by an NN, and transmitting Beacons that schedule an ACF slot for MoCA 2.0 Discovery Request messages to be sent by an NN.

At flow control block 705, the NC 110 determines whether a Discovery Request has been detected. If a Discovery Request has not been detected, then block 705 directs execution flow of the example method 700 to block 707, at which operation of the NC 110 will proceed in a normal fashion.

If, however, the NC 110 detects (or receives) a Discovery Request message, then block 705 directs execution flow of the example method 700 to block 709. At block 709, the NC 110 checks the value of the HIGH_SECURITY field of the Discovery Request message (e.g., as carried in the Discovery Request Network IE 508 of a Discovery Request message 500). In an example implementation, the NC 110 analyzes the HIGH_SECURITY field 518 to determine whether there is a security mode mismatch between the NN that sent the Discovery Request and the NC 110 (e.g., as evidenced by the NC's HIGH_SECURITY_(EN) control parameter).

If, at block 709, the NC 110 determines that the value of the HIGH_SECURITY field is DISABLED, then there is no security mismatch. Execution flow of the example method 700 then proceeds to block 707, at which the admission process for the NN that sent the received Discovery Request message will continue in a normal fashion. Additionally, at this point, since the NC 110 is not operating in HIGH SECURITY mode, admission operation will also proceed in a normal fashion in response to attempts by MoCA 1.X NNs to join the network.

If, however, at block 709, the NC 110 determines that the value of the HIGH_SECURITY field is ENABLED (e.g., set to 0b1), then there is a security mismatch. Execution flow of the example method 700 then proceeds to block 711, at which the NC 110 sets the value of the control parameter SEC_MODE_MISMATCH_(DETECT) (see Table 1) to report that a security mode mismatch has occurred (e.g., reporting the mismatch to its management entity 214). Note that setting the control parameter SEC_MODE_MISMATCH_(DETECT) may, for example, cause an event message (e.g., a SEC_MODE_MISMATCH_(DETECT) event) to be communicated to the NC's Management Entity to notify the Management Entity of the detected mismatch. Also for example, such an event message may be communicated to the ME without setting a local control parameter. Flow of the example method 700 may then proceed to block 713, at which the attempt to join the network fails. For example, either no admission opportunity will be provided by the NC 110, the password held by the NN 118 will be different from the network password (e.g., the NN 118 will have a HIGH SECURITY mode password, and the NC 110 will have a normal password), or the process for generating the key will differ (e.g., the number of iterations used in the key generation function will differ, as discussed herein).

Returning to flow control block 702, if HIGH SECURITY mode is enabled for the NC 110, then execution of the example method 700 will flow to block 715, at which the NC 110 will transmit Beacons. At block 715, as opposed to block 703, the NC 110 will only transmit Beacons that schedule timeslots for admission control messages for current generation nodes. In an example MoCA 2.0 implementation, the NC 110 will only transmit Beacons that schedule ACF slots for MoCA 2.0 Discovery Request messages. Execution flow of the example method 700 will then proceed to flow control block 717.

At flow control block 717, the NC 110 determines whether a Discovery Request has been detected. If a Discovery Request has not been detected, then block 717 directs execution flow of the example method 700 to block 715, at which the NC 110 will continue to transmit Beacons. If, however, the NC 110 detects (or receives) a Discovery Request message, then block 717 directs execution flow of the example method 700 to block 719 (see FIG. 7B).

Referring now to FIG. 7B, at block 719, the NC 110 checks the value of the HIGH_SECURITY field of the Discovery Request message (e.g., as carried in the Discovery Request Network IE 508 of a Discovery Request message 500). In an example implementation, the NC 110 analyzes the HIGH_SECURITY field 518 to determine whether there is a security mode mismatch between the NN that sent the Discovery Request and the NC 110 (e.g., as evidenced by the NC's HIGH_SECURITY_(EN) control parameter).

If the value of the HIGH_SECURITY field is not ENABLED, then there is a security mismatch, since the NC 110 at this point is operating in the HIGH SECURITY mode. Execution flow of the example method 700 then proceeds to block 723, at which the NC 110 sets the value of the control parameter SEC_MODE_MISMATCH_(DETECT) (see Table 1) (e.g., to report the mismatch to its management entity 214). Note that setting the control parameter SEC_MODE_MISMATCH_(DETECT) may, for example, cause an event message (e.g., a SEC_MODE_MISMATCH_(DETECT) event) to be communicated to the NC's Management Entity to notify the Management Entity of the detected mismatch. Also for example, such an event message may be communicated to the ME without setting a local control parameter. Flow of the example method 700 may then proceed to block 725, at which the attempt by the NN to join the network fails.

If at block 719, the NC 110 determines that the value of the HIGH_SECURITY field 518 is ENABLED (e.g., set to 0b1), then execution flow of the example method 700 will flow to block 727. At block 727, the NC 110 will check the state of the DISCOVERY_OPTIONS field 520. If the DISCOVERY_OPTIONS field 520 is set to a value of 0x0 (zero hexadecimal), then execution flow of the example method 700 will flow to block 729, at which the NC 200 will continue sending a predetermined number of additional Beacons. As explained herein, such a value in the DISCOVERY_OPTIONS field 520 may, for example, indicate that the NN needs time to generate security information. In accordance with one example implementation, the predetermined number of additional Beacons is 200.

After the NC 110 sends a Beacon at block 729, execution flow of the example method 700 proceeds to block 731, at which a determination is made whether the predetermined number of Beacons have been sent. If so, then block 731 directs execution flow of the example method 700 to block 733, at which point the admission process for the NN times out, and the NN's attempt to join the network fails at block 725. If not, then block 731 directs execution flow of the example method 700 to block 735 to determine whether a Discovery Request message has been received with the DISCOVERY_OPTIONS field set to 0x1 or 0x2. If not, then block 735 directs execution flow of the example method back up to block 729 for continued transmission of the Beacons.

If block 735 determines that a Discovery Request message has been received with the DISCOVERY_OPTIONS field 520 set to either 0x1 or 0x2, then block 735 directs execution flow of the example method 700 to block 737. At block 737, the NC 110 forms and transmits a Discovery Response message. An example format for the Discovery Response message 600 is presented herein at FIG. 6, and the admission process will proceed in a normal fashion thereafter at block 739.
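The NC-side procedure of FIG. 7B (blocks 719 through 739), as an added Python example that is not the patent's or a MoCA implementation's code: it models an NC in HIGH SECURITY mode handling Discovery Request events and Beacon transmissions for one NN and reports the flow-chart block reached. The Discovery Request Network IE is modelled as its two decoded field values rather than packed bytes, and the Beacon budget defaults to the 200 given in the text.

```python
"""Added example, not code from the patent or any MoCA implementation: the
NC-side admission state machine of FIG. 7B for an NC operating in HIGH
SECURITY mode. The state names are the flow-chart block numbers.
Assumption: the Discovery Request IE arrives already decoded as
(high_security, discovery_options); a repeated 0x0 request while waiting
simply restarts the Beacon count, which the text does not specify."""

BEACON_BUDGET = 200          # predetermined number of additional Beacons (text: 200)


class NcAdmission:
    """Tracks one NN's admission attempt at an NC in HIGH SECURITY mode."""

    def __init__(self, beacon_budget: int = BEACON_BUDGET):
        self.beacon_budget = beacon_budget
        self.beacons_sent = 0
        self.state = "block 717"            # waiting for a Discovery Request
        self.events = []                    # events reported to the Management Entity

    def on_discovery_request(self, high_security: bool, discovery_options: int) -> str:
        """Blocks 719 and 727: classify a received Discovery Request."""
        if not high_security:               # block 719 -> 723: security mode mismatch
            self.events.append("SEC_MODE_MISMATCH_DETECT")
            self.state = "block 725"        # the NN's join attempt fails
        elif discovery_options == 0x0:      # block 727 -> 729: NN still generating keys
            self.beacons_sent = 0
            self.state = "block 729"
        elif discovery_options in (0x1, 0x2):   # block 735 -> 737: send Discovery Response
            self.state = "block 739"        # admission proceeds normally
        else:
            raise ValueError("reserved DISCOVERY_OPTIONS value")
        return self.state

    def on_beacon_sent(self) -> str:
        """Blocks 729 and 731: count one Beacon; time out once the budget is used."""
        if self.state != "block 729":
            return self.state               # Beacons only count while waiting on the NN
        self.beacons_sent += 1
        if self.beacons_sent >= self.beacon_budget:
            self.state = "block 725"        # block 733 timeout -> join attempt fails
        return self.state


if __name__ == "__main__":
    nc = NcAdmission(beacon_budget=3)       # constructed small budget for the demo
    print(nc.on_discovery_request(True, 0x0))   # block 729: NN asked for time
    print(nc.on_beacon_sent(), nc.on_beacon_sent())   # block 729 twice, still waiting
    print(nc.on_discovery_request(True, 0x2))   # block 739: keys ready, admission continues
```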

In summary, various aspects of this disclosure provide systems and methods for efficiently and securely forming a communication network. As a non-limiting example, various aspects of the present disclosure provide systems and methods, for example utilizing a plurality of different security modes, for forming a premises-based network (e.g., a MoCA network). While the foregoing has been described with reference to certain aspects and examples, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the scope of the disclosure. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the disclosure without departing from its scope. Therefore, it is intended that the disclosure not be limited to the particular example(s) disclosed, but that the disclosure will include all examples falling within the scope of the appended claims.

1. A network comprising: a first network node; and a network coordinator node, wherein: the first network node comprises at least one circuit operable to, at least: transmit a discovery request message, the discovery request message comprising first security information that indicates a security mode in which the first network node is operating; and receive a discovery response message from the network coordinator node in reply to the transmitted discovery request message, the discovery response message comprising second security information that indicates a security mode in which the network coordinator node is operating.

2-20. (canceled)